Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Accessing Enterprise Resources While Providing Denial-of-Service Attack Protection

a technology of enterprise resources and access gateways, applied in the field of computing devices and computer networks, can solve the problems of gateways being vulnerable to a denial-of-service attack, consuming access gateway storage capabilities, and preventing them from servicing legitimate users

Active Publication Date: 2015-02-12
CITRIX SYST INC
View PDF27 Cites 48 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Benefits of technology

The patent text describes a method where an access gateway does not store the specific enterprise resource identifier (such as a URL) before authentication. Rather, upon initial access request from an unauthenticated user, the access gateway sends an identification cookie as part of a redirection message to the client device. This cookie includes the identifier for the specific enterprise resource. This identifier can be obtained and used later on when the client device is authenticated and securely communicates with the access gateway, allowing the access gateway to obtain the information as needed without storing it pre-authentication. The technical effect of this method is improved security and efficiency in resource access control.

Problems solved by technology

This can be problematic in that the user then has to figure out how to access the specific enterprise resource from the common landing page, often resulting in a less than positive experience for the user.
But this solution can be problematic in that storage of the requested enterprise resource identifier consumes gateway resources (memory) and makes the gateway vulnerable to a denial-of-service attack.
A common method of attack involves saturating the target machine with external communications requests, so much so that it cannot respond to legitimate traffic, or responds so slowly as to be essentially rendered unavailable.
In the case described above, if requested enterprise resource identifiers are stored by the gateway before user authentication, providing many requests for enterprise resources from unauthenticated rogue users could consume the storage capabilities of the access gateway and prevent it from servicing legitimate users.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Accessing Enterprise Resources While Providing Denial-of-Service Attack Protection
  • Accessing Enterprise Resources While Providing Denial-of-Service Attack Protection
  • Accessing Enterprise Resources While Providing Denial-of-Service Attack Protection

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0018]In the following description of the various embodiments, reference is made to the accompanying drawings identified above and which form a part hereof, and in which is shown by way of illustration various embodiments in which aspects described herein may be practiced. It is to be understood that other embodiments may be utilized and structural and functional modifications may be made without departing from the scope described herein. Various aspects are capable of other embodiments and of being practiced or being carried out in various different ways.

[0019]As a general introduction to the subject matter described in more detail below, aspects described herein are directed towards controlling remote access to resources at an enterprise computing system using managed mobile applications at mobile computing devices. An access manager may perform a validation process that determines whether a mobile application requesting access to enterprise resources has accurately identified its...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

A method for accessing enterprise resources while providing denial-of-service attack protection. The method may include receiving, at a gateway from a client device, a request for a resource, the request comprising a location identifier associated with the resource. The method may further include redirecting, by a redirection message, the request to an authentication device that requests credentials for authentication, the redirection message comprising the location identifier. The method may also include retrieving, after authentication of the credentials, the location identifier from the client device. The method may additionally include providing access to the resource based on the location identifier.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS[0001]This application claims priority to U.S. Provisional Patent Application Ser. No. 61 / 823,096, filed May 14, 2013, entitled “Systems and Methods for Accessing Enterprise Resources While Providing Denial of Service Attack Protection,” which is incorporated by reference in its entirety.FIELD[0002]Aspects described herein generally relate to computing devices and computer networks. More specifically, aspects herein relate to interacting with enterprise-managed systems, application programs, and resources. Additionally, aspects herein relate to making enterprise resources both accessible and secure.BACKGROUND[0003]Many enterprise organizations (e.g., corporations, nonprofits, governments, etc.) maintain computer networks that allow enterprise users, such as employees, to access enterprise applications, data, and services (collectively known simply as “resources”). Enterprise resources may include hardware and software email applications, custom...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(United States)
IPC IPC(8): H04L29/06
CPCH04L63/08H04L63/0272H04L63/1458H04L63/0815H04L63/083G06F21/31H04L9/32
Inventor GUPTA, PUNITBHUSHAN, BHARATKANN, JONGRAFIQ, PIERRE
Owner CITRIX SYST INC
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products